Accepting request 1041191 from devel:microos

OBS-URL: https://build.opensuse.org/request/show/1041191 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/podman?expand=0&rev=101
2022-12-08 15:50:28 +00:00 · 2022-12-08 15:50:28 +00:00 · 5747b072a4
commit 5747b072a4
parent ef252a9528 d73f060088
8 changed files with 253 additions and 29 deletions
--- a/0001-Revert-Default-missing-hostPort-to-containerPort-is-.patch
+++ b/0001-Revert-Default-missing-hostPort-to-containerPort-is-.patch
@ -0,0 +1,93 @@
+From 07151aaec3312b3235847106cfd76608c2d823e5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= <dcermak@suse.com>
+Date: Wed, 7 Dec 2022 17:28:39 +0100
+Subject: [PATCH] Revert "Default missing hostPort to containerPort is defined
+ in kube.yaml"
+
+This reverts commit f5fc0960e5eddf64a7d8fbf8fbfd3652b4ee5db3.
+---
+ pkg/specgen/generate/kube/kube.go |  3 ---
+ test/e2e/play_kube_test.go        |  6 ++++++
+ test/system/700-play.bats         | 24 ------------------------
+ 3 files changed, 6 insertions(+), 27 deletions(-)
+
+diff --git a/pkg/specgen/generate/kube/kube.go b/pkg/specgen/generate/kube/kube.go
+index 5186a2f72..b707c52a2 100644
+--- a/pkg/specgen/generate/kube/kube.go
+++ b/pkg/specgen/generate/kube/kube.go
+@@ -918,9 +918,6 @@ func getPodPorts(containers []v1.Container) []types.PortMapping {
+ 			if p.HostPort != 0 && p.ContainerPort == 0 {
+ 				p.ContainerPort = p.HostPort
+ 			}
+-			if p.HostPort == 0 && p.ContainerPort != 0 {
+-				p.HostPort = p.ContainerPort
+-			}
+ 			if p.Protocol == "" {
+ 				p.Protocol = "tcp"
+ 			}
+diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go
+index 97823e232..6fe299b38 100644
+--- a/test/e2e/play_kube_test.go
+++ b/test/e2e/play_kube_test.go
+@@ -133,6 +133,8 @@ spec:
+   containers:
+   - name: podnameEqualsContainerNameYaml
+     image: quay.io/libpod/alpine:latest
+    ports:
+    - containerPort: 80
+ `
+ 
+ var podWithoutAName = `
+@@ -237,6 +239,8 @@ spec:
+         - "1.5"
+         name: alpine
+         image: quay.io/libpod/alpine:latest
+        ports:
+        - containerPort: 80
+         livenessProbe:
+           exec:
+             command:
+@@ -270,6 +274,8 @@ spec:
+         - "1.5"
+         name: alpine
+         image: quay.io/libpod/alpine:latest
+        ports:
+        - containerPort: 80
+         livenessProbe:
+           exec:
+             command:
+diff --git a/test/system/700-play.bats b/test/system/700-play.bats
+index 5f3eb1ef2..3ff1e1ed6 100644
+--- a/test/system/700-play.bats
+++ b/test/system/700-play.bats
+@@ -392,27 +392,3 @@ status: {}
+     run_podman rm -a -f
+     run_podman rm -f -t0 myyaml
+ }
+-
+-@test "podman kube play - hostport" {
+-    HOST_PORT=$(random_free_port)
+-    echo "
+-apiVersion: v1
+-kind: Pod
+-metadata:
+-  labels:
+-    app: test
+-  name: test_pod
+-spec:
+-  containers:
+-    - name: server
+-      image: $IMAGE
+-      ports:
+-        - name: hostp
+-          containerPort: $HOST_PORT
+-" > $PODMAN_TMPDIR/testpod.yaml
+-
+-    run_podman kube play $PODMAN_TMPDIR/testpod.yaml
+-    run_podman pod inspect test_pod --format "{{.InfraConfig.PortBindings}}"
+-    assert "$output" = "map[$HOST_PORT/tcp:[{ $HOST_PORT}]]"
+-    run_podman kube down $PODMAN_TMPDIR/testpod.yaml
+-}
+-- 
+2.38.1
+
--- a/2
+++ b/2
@ -2,7 +2,7 @@
  <service name="tar_scm" mode="disabled">
    <param name="url">https://github.com/containers/podman.git</param>
    <param name="scm">git</param>
-    <param name="revision">v4.2.1</param>
+    <param name="revision">v4.3.1</param>
    <param name="versionformat">@PARENT_TAG@</param>
    <param name="changesgenerate">enable</param>
    <param name="versionrewrite-pattern">v(.*)</param>
--- a/2
+++ b/2
@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                <param name="url">https://github.com/containers/podman.git</param>
-              <param name="changesrevision">62b324ddf718411b1d4d0ba8117c632f7f984a38</param></service></servicedata>
+              <param name="changesrevision">814b7b003cc630bf6ab188274706c383f9fb9915</param></service></servicedata>
--- a/podman-4.2.1.tar.xz
+++ b/podman-4.2.1.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:2577f3c921effa04f9ecc3a350ceacfb74a7e24edb9acf913d61fa42a231b59d
-size 7886360
--- a/podman-4.3.1.tar.xz
+++ b/podman-4.3.1.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7d3ba29fb78a56d63c8fc3f27560dcdbb2391c62c0b3b4600ebce66dd449fa86
+size 7652828
--- a/5
+++ b/5
@ -1,5 +0,0 @@
-addFilter (".* W: explicit-lib-dependency libcontainers-common")
-addFilter (".* W: explicit-lib-dependency libcontainers-image")
-addFilter (".* W: explicit-lib-dependency libcontainers-storage")
-addFilter (".* W: missing-call-to-setgroups-before-setuid")
-addFilter (".* W: non-conffile-in-etc .*zsh_completion.d.*")
--- a/podman.changes
+++ b/podman.changes
@ -1,3 +1,133 @@
+-------------------------------------------------------------------
+Tue Nov 22 08:20:16 UTC 2022 - dcermak@suse.com
+
+- switch to building with go 1.17
+- use %%make_* macros
+- drop /usr/share/user-tmpfiles.d/podman-docker.conf on SLE & Leap
+- remove rpmlintrc (contained only obsolete filters)
+- remove obsolete with_libostree (we don't build on anything older than SLE 15)
+- add patch: 0001-Revert-Default-missing-hostPort-to-containerPort-is-.patch
+  (hotfix for https://github.com/containers/podman/issues/16765)
+- Update to version 4.3.1:
+
+4.3.1:
+
+### Bugfixes
+- Fixed a deadlock between the `podman ps` and `podman container inspect` commands
+
+### Misc
+- Updated the containers/image library to v5.23.1
+
+
+4.3.0:
+
+### Features
+- A new command, `podman generate spec`, has been added, which creates a JSON struct based on a given container that can be used with the Podman REST API to create containers.
+- A new command, `podman update`, has been added,which makes changes to the resource limits of existing containers. Please note that these changes do not persist if the container is restarted ([#15067](https://github.com/containers/podman/issues/15067)).
+- A new command, `podman kube down`, has been added, which removes pods and containers created by the given Kubernetes YAML (functionality is identical to `podman kube play --down`, but it now has its own command).
+- The `podman kube play` command now supports Kubernetes secrets using Podman's secrets backend.
+- Systemd-managed pods created by the `podman kube play` command now integrate with sd-notify, using the `io.containers.sdnotify` annotation (or `io.containers.sdnotify/$name` for specific containers).
+- Systemd-managed pods created by `podman kube play` can now be auto-updated, using the `io.containers.auto-update` annotation (or `io.containers.auto-update/$name` for specific containers).
+- The `podman kube play` command can now read YAML from URLs, e.g. `podman kube play https://example.com/demo.yml` ([#14955](https://github.com/containers/podman/issues/14955)).
+- The `podman kube play` command now supports the `emptyDir` volume type ([#13309](https://github.com/containers/podman/issues/13309)).
+- The `podman kube play` command now supports the `HostUsers` field in the pod spec.
+- The `podman play kube` command now supports `binaryData` in ConfigMaps.
+- The `podman pod create` command can now set additional resource limits for pods using the new `--memory-swap`, `--cpuset-mems`, `--device-read-bps`, `--device-write-bps`, `--blkio-weight`, `--blkio-weight-device`, and `--cpu-shares` options.
+- The `podman machine init` command now supports a new option, `--username`, to set the username that will be used to connect to the VM as a non-root user ([#15402](https://github.com/containers/podman/issues/15402)).
+- The `podman volume create` command's `-o timeout=` option can now set a timeout of 0, indicating volume plugin operations will never time out.
+- Added support for a new volume driver, `image`, which allows volumes to be created that are backed by images.
+- The `podman run` and `podman create` commands support a new option, `--env-merge`, allowing environment variables to be specified relative to other environment variables in the image (e.g. `podman run --env-merge "PATH=$PATH:/my/app" ...`) ([#15288](https://github.com/containers/podman/issues/15288)).
+- The `podman run` and `podman create` commands support a new option, `--on-failure`, to allow action to be taken when a container fails health checks, with the following supported actions: `none` (take no action, the default), `kill` (kill the container), `restart` (restart the container), and `stop` (stop the container).
+- The `--keep-id` option to `podman create` and `podman run` now supports new options, `uid` and `gid`, to set the UID and GID of the user in the container that will be mapped to the user running Podman (e.g. `--userns=keep-id:uid=11` will made the user running Podman to UID 11 in the container) ([#15294](https://github.com/containers/podman/issues/15294)).
+- The `podman generate systemd` command now supports a new option, `--env`/`-e`, to set environment variables in the generated unit file ([#15523](https://github.com/containers/podman/issues/15523)).
+- The `podman pause` and `podman unpause` commands now support the `--latest`, `--cidfile`, and `--filter` options.
+- The `podman restart` command now supports the `--cidfile` and `--filter` options.
+- The `podman rm` command now supports the `--filter` option to select which containers will be removed.
+- The `podman rmi` command now supports a new option, `--no-prune`, to prevent the removal of dangling parents of removed images.
+- The `--dns-opt` option to `podman create`, `podman run`, and `podman pod create` has received a new alias, `--dns-option`, to improve Docker compatibility.
+- The `podman` command now features a new global flag, `--debug`/`-D`, which enables debug-level logging (identical to `--log-level=debug`), improving Docker compatibility.
+- The `podman` command now features a new global flag, `--config`. This flag is ignored, and is only included for Docker compatibility ([#14767](https://github.com/containers/podman/issues/14767)).
+- The `podman manifest create` command now accepts a new option, `--amend`/`-a`.
+- The `podman manifest create`, `podman manifest add` and `podman manifest push` commands now accept a new option, `--insecure` (identical to `--tls-verify=false`), improving Docker compatibility.
+- The `podman secret create` command's `--driver` and `--format` options now have new aliases, `-d` for `--driver` and `-f` for `--format`.
+- The `podman secret create` command now supports a new option, `--label`/`-l`, to add labels to created secrets.
+- The `podman secret ls` command now accepts the `--quiet`/`-q` option.
+- The `podman secret inspect` command now accepts a new option, `--pretty`, to print output in human-readable format.
+- The `podman stats` command now accepts the `--no-trunc` option.
+- The `podman save` command now accepts the `--signature-policy` option ([#15869](https://github.com/containers/podman/issues/15869)).
+- The `podman pod inspect` command now allows multiple arguments to be passed. If so, it will return a JSON array of the inspected pods ([#15674](https://github.com/containers/podman/issues/15674)).
+- A series of new hidden commands have been added under `podman context` as aliases to existing `podman system connection` commands, to improve Docker compatibility.
+- The remote Podman client now supports proxying signals for attach sessions when the `--sig-proxy` option is set ([#14707](https://github.com/containers/podman/issues/14707)).
+
+### Changes
+- Duplicate volume mounts are now allowed with the `-v` option to `podman run`, `podman create`, and `podman pod create`, so long as source, destination, and options all match ([#4217](https://github.com/containers/podman/issues/4217)).
+- The `podman generate kube` and `podman play kube` commands have been renamed to `podman kube generate` and `podman kube play` to group Kubernetes-related commands. Aliases have been added to ensure the old command names still function.
+- A number of Podman commands (`podman init`, `podman container checkpoint`, `podman container restore`, `podman container cleanup`) now print the user-inputted name of the container, instead of its full ID, on success.
+- When an unsupported option (e.g. resource limit) is specified for a rootless container on a cgroups v1 system, a warning message is now printed that the limit will not be honored.
+- The installer for the Windows Podman client has been improved.
+- The `--cpu-rt-period` and `--cpu-rt-runtime` options to `podman run` and `podman create` now print a warning and are ignored on cgroups v2 systems (cgroups v2 having dropped support for these controllers) ([#15666](https://github.com/containers/podman/issues/15666)).
+- Privileged containers running systemd will no longer mount `/dev/tty*` devices other than `/dev/tty` itself into the container ([#15878](https://github.com/containers/podman/issues/15878)).
+- Events for containers that are part of a pod now include the ID of the pod in the event.
+- SSH functionality for `podman machine` commands has seen a thorough rework, addressing many issues about authentication.
+- The `--network` option to `podman kube play` now allows passing `host` to set the pod to use host networking, even if the YAML does not request this.
+- The `podman inspect` command on containers now includes the digest of the image used to create the container.
+- Pods created by `podman play kube` are now, by default, placed into a network named `podman-kube`. If the `podman-kube` network does not exist, it will be created. This ensures pods can connect to each other by their names, as the network has DNS enabled.
+
+### Bugfixes
+- Fixed a bug where the `podman network prune` and `podman container prune` commands did not properly support the `--filter label!=` option ([#14182](https://github.com/containers/podman/issues/14182)).
+- Fixed a bug where the `podman kube generate` command added an unnecessary `Secret: null` line to generated YAML ([#15156](https://github.com/containers/podman/issues/15156)).
+- Fixed a bug where the `podman kube generate` command did not set `enableServiceLinks` and `automountServiceAccountToken` to false in generated YAML ([#15478](https://github.com/containers/podman/issues/15478) and [#15243](https://github.com/containers/podman/issues/15243)).
+- Fixed a bug where the `podman kube play` command did not properly handle CPU limits ([#15726](https://github.com/containers/podman/issues/15726)).
+- Fixed a bug where the `podman kube play` command did not respect default values for liveness probes ([#15855](https://github.com/containers/podman/issues/15855)).
+- Fixed a bug where the `podman kube play` command did not bind ports if `hostPort` was not specified but `containerPort` was ([#15942](https://github.com/containers/podman/issues/15942)).
+- Fixed a bug where the `podman kube play` command sometimes did not create directories on the host for `hostPath` volumes.
+- Fixed a bug where the remote Podman client's `podman manifest push` command did not display progress.
+- Fixed a bug where the `--filter "{{.Config.Healthcheck}}"` option to `podman image inspect` did not print the image's configured healthcheck ([#14661](https://github.com/containers/podman/issues/14661)).
+- Fixed a bug where the `podman volume create -o timeout=` option could be specified even when no volume plugin was in use.
+- Fixed a bug where the `podman rmi` command did not emit `untag` events when removing tagged images ([#15485](https://github.com/containers/podman/issues/15485)).
+- Fixed a bug where API forwarding with `podman machine` VMs on windows could sometimes fail because the pipe was not created in time ([#14811](https://github.com/containers/podman/issues/14811)).
+- Fixed a bug where the `podman pod rm` command could error if removal of a container in the pod was interrupted by a reboot.
+- Fixed a bug where the `exited` and `exec died` events for containers did not include the container's labels ([#15617](https://github.com/containers/podman/issues/15617)).
+- Fixed a bug where running Systemd containers on a system not using Systemd as PID 1 could fail ([#15647](https://github.com/containers/podman/issues/15647)).
+- Fixed a bug where Podman did not pass all necessary environment variables (including `$PATH`) to Conmon when starting containers ([#15707](https://github.com/containers/podman/issues/15707)).
+- Fixed a bug where the `podman events` command could function improperly when no events were present ([#15688](https://github.com/containers/podman/issues/15688)).
+- Fixed a bug where the `--format` flag to various Podman commands did not properly handle template strings including a newline (`\n`) ([#13446](https://github.com/containers/podman/issues/13446)).
+- Fixed a bug where Systemd-managed pods would kill every container in a pod when a single container exited ([#14546](https://github.com/containers/podman/issues/14546)).
+- Fixed a bug where the `podman generate systemd` command would generate incorrect YAML for pods created without the `--name` option.
+- Fixed a bug where the `podman generate systemd --new` command did not properly set stop timeout ([#16149](https://github.com/containers/podman/issues/16149)).
+- Fixed a bug where a broken OCI spec resulting from the system rebooting while a container is being started could cause the `podman inspect` command to be unable to inspect the container until it was restarted.
+- Fixed a bug where creating a container with a working directory on an overlay volume would result in the container being unable to start ([#15789](https://github.com/containers/podman/issues/15789)).
+- Fixed a bug where attempting to remove a pod with running containers without `--force` would not error and instead would result in the pod, and its remaining containers, being placed in an unusable state ([#15526](https://github.com/containers/podman/issues/15526)).
+- Fixed a bug where memory limits reported by `podman stats` could exceed the maximum memory available on the system ([#15765](https://github.com/containers/podman/issues/15765)).
+- Fixed a bug where the `podman container clone` command did not properly handle environment variables whose value contained an `=` character ([#15836](https://github.com/containers/podman/issues/15836)).
+- Fixed a bug where the remote Podman client would not print the container ID when running the `podman-remote run --attach stdin` command.
+- Fixed a bug where the `podman machine list --format json` command did not properly show machine starting status.
+- Fixed a bug where automatic updates would not error when attempting to update a container with a non-fully qualified image name ([#15879](https://github.com/containers/podman/issues/15879)).
+- Fixed a bug where the `podman pod logs --latest` command could panic ([#15556](https://github.com/containers/podman/issues/15556)).
+- Fixed a bug where Podman could leave lingering network namespace mounts on the system if cleaning up the network failed.
+- Fixed a bug where specifying an unsupported URI scheme for `podman system service` to listen at would result in a panic.
+- Fixed a bug where the `podman kill` command would sometimes not transition containers to the exited state ([#16142](https://github.com/containers/podman/issues/16142)).
+
+### API
+- Fixed a bug where the Compat DF endpoint reported incorrect reference counts for volumes ([#15720](https://github.com/containers/podman/issues/15720)).
+- Fixed a bug in the Compat Inspect endpoint for Networks where an incorrect network option was displayed, causing issues with `docker-compose` ([#15580](https://github.com/containers/podman/issues/15580)).
+- The Libpod Restore endpoint for Containers now features a new query parameter, `pod`, to set the pod that the container will be restored into ([#15018](https://github.com/containers/podman/issues/15018)).
+- Fixed a bug where the REST API could panic while retrieving images.
+- Fixed a bug where a cancelled connection to several endpoints could induce a memory leak.
+
+### Misc
+- Error messages when attempting to remove an image used by a non-Podman container have been improved ([#15006](https://github.com/containers/podman/issues/15006)).
+- Podman will no longer print a warning that `/` is not a shared mount when run inside a container ([#15295](https://github.com/containers/podman/issues/15295)).
+- Work is ongoing to port Podman to FreeBSD.
+- The output of `podman generate systemd` has been adjusted to improve readability.
+- A number of performance improvements have been made to `podman create` and `podman run`.
+- A major reworking of the manpages to ensure duplicated options between commands have the same description text has been performed.
+- Updated Buildah to v1.28.0
+- Updated the containers/image library to v5.23.0
+- Updated the containers/storage library to v1.43.0
+- Updated the containers/common library to v0.50.1
+
+
 -------------------------------------------------------------------
 Wed Sep 21 02:01:16 UTC 2022 - asarai@suse.com

@ -8,7 +138,7 @@ Wed Sep 21 02:01:16 UTC 2022 - asarai@suse.com
  * fix podman events with custom format
  * Drop stale config value resulting in asymmetric config
  * Fix list of default capabilities
-  * Add container GID to additional groups
+  * Add container GID to additional groups (CVE-2022-2989 / bsc#1202809, removes patch 0001-Add-container-GID-to-additional-groups.patch)
  * libpod: Ensure that generated container names are random
  * Fix bind-mount-option annotation in gen/play kube
  * Improved Windows compatibility for machine command
--- a/podman.spec
+++ b/podman.spec
@ -1,7 +1,7 @@
 #
 # spec file for package podman
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -15,23 +15,20 @@
 # Please submit bugfixes or comments via https://bugs.opensuse.org/
 #

-
+%{!?_user_tmpfilesdir: %global _user_tmpfilesdir %{_datadir}/user-tmpfiles.d}
 %define project        github.com/containers/podman
-# Build with libostree-devel in Tumbleweed, Leap 15 and SLES 15
-%if 0%{?suse_version} >= 1500
-%define with_libostree 1
-%endif
 Name:           podman
-Version:        4.2.1
+Version:        4.3.1
 Release:        0
 Summary:        Daemon-less container engine for managing containers, pods and images
 License:        Apache-2.0
 Group:          System/Management
-URL:            https://github.com/containers/podman
+URL:            https://%{project}
 Source0:        %{name}-%{version}.tar.xz
 Source1:        podman.conf
-Source3:        %{name}-rpmlintrc
-Source4:        README.SUSE.SLES
+Source2:        README.SUSE.SLES
+# hotfix for https://github.com/containers/podman/issues/16765
+Patch0:         0001-Revert-Default-missing-hostPort-to-containerPort-is-.patch
 BuildRequires:  bash-completion
 BuildRequires:  cni
 BuildRequires:  device-mapper-devel
@ -47,7 +44,7 @@ BuildRequires:  libbtrfs-devel
 BuildRequires:  libcontainers-common
 BuildRequires:  libgpgme-devel
 BuildRequires:  libseccomp-devel
-BuildRequires:  golang(API) = 1.16
+BuildRequires:  golang(API) = 1.17
 BuildRequires:  pkgconfig(libselinux)
 BuildRequires:  pkgconfig(libsystemd)
 Recommends:     apparmor-abstractions
@ -64,9 +61,8 @@ Requires:       slirp4netns >= 0.4.0
 Requires:       timezone
 Recommends:     %{name}-cni-config = %{version}
 Suggests:       katacontainers
-%if 0%{?with_libostree}
 BuildRequires:  libostree-devel
-%endif
+

 %description
 Podman is a container engine for managing pods, containers, and container
@ -118,17 +114,22 @@ pages and %{name}.

 %build
 # Build podman
-BUILDFLAGS="-buildmode=pie" make
+BUILDFLAGS="-buildmode=pie" %make_build

 # Build manpages
-make %{?_smp_mflags} docs
+%make_build docs

 %check
 # Too many tests fail due to the restricted permissions in the build enviroment.
 # Updates must be tested manually.

 %install
-make DESTDIR=%{buildroot} PREFIX=/usr LIBEXECDIR=%{_libexecdir} install install.completions install.docker
+%make_install PREFIX=/usr LIBEXECDIR=%{_libexecdir} install.completions install.docker
+
+# remove the user tmpfile on SLE/Leap as it cannot handle them
+%if 0%{?suse_version} == 1500
+rm %{buildroot}%{_user_tmpfilesdir}/podman-docker.conf
+%endif

 # Add podman modprobe.d drop-in config
 mkdir -p %{buildroot}%{_prefix}/lib/modules-load.d
@ -136,10 +137,11 @@ install -m 0644 -t %{buildroot}%{_prefix}/lib/modules-load.d/ %{SOURCE1}

 # README.SUSE is SLES specifc currently
 %if !0%{?is_opensuse}
-install -D -m 0644 %{SOURCE4} %{buildroot}%{_docdir}/%{name}/README.SUSE
+install -D -m 0644 %{SOURCE2} %{buildroot}%{_docdir}/%{name}/README.SUSE
 %endif

-%fdupes %{buildroot}/%{_prefix}
+%fdupes %{buildroot}/%{_datadir}
+%fdupes %{buildroot}/%{_systemd_util_dir}

 %files
 %if !0%{?is_opensuse}
@ -194,6 +196,10 @@ install -D -m 0644 %{SOURCE4} %{buildroot}%{_docdir}/%{name}/README.SUSE
 %files docker
 %{_bindir}/docker
 %{_tmpfilesdir}/podman-docker.conf
+%if 0%{?suse_version} > 1500
+%{_user_tmpfilesdir}/podman-docker.conf
+%dir %{_user_tmpfilesdir}
+%endif

 %post docker
 %tmpfiles_create %{_tmpfilesdir}/podman-docker.conf